def test_get_user(client, jwt, session): # pylint:disable=unused-argument """Assert that a user can retrieve their own profile.""" # POST a test user headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED rv = client.get('/api/v1/users/@me', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK user = json.loads(rv.data) assert user['firstname'] == 'Test'
def test_add_org_staff_admin_anonymous_not_passed(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that an org can be POSTed.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_admin_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps({'name': 'My Test Org'}), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED dictionary = json.loads(rv.data) assert dictionary['accessType'] == 'ANONYMOUS'
def test_documents_returns_200(client, jwt, session): # pylint:disable=unused-argument """Assert get documents endpoint returns 200.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.get('/api/v1/documents/termsofuse', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('version_id') == '2' headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.anonymous_bcros_role) rv = client.get('/api/v1/documents/termsofuse', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('version_id') == 'd1'
def test_add_affiliation_returns_exception(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that attempting to delete an affiliation returns an exception.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode) rv = client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1), headers=headers, content_type='application/json') headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') dictionary = json.loads(rv.data) org_id = dictionary['id'] with patch.object(AffiliationService, 'create_affiliation', side_effect=BusinessException(Error.DATA_ALREADY_EXISTS, None)): rv = client.post('/api/v1/orgs/{}/affiliations'.format(org_id), data=json.dumps(TestAffliationInfo.affliation1), headers=headers, content_type='application/json') assert rv.status_code == 400
def test_add_contact_duplicate_returns_400(client, jwt, session): # pylint:disable=unused-argument """Assert that adding a duplicate contact to an Entity returns 400.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode) client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1), headers=headers, content_type='application/json') client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']), headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json') rv = client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']), headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json') assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_staff_get_user(client, jwt, session): # pylint:disable=unused-argument """Assert that a staff user can GET a user by id.""" # POST a test user headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED # GET the test user as a staff user headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role) rv = client.get('/api/v1/users/{}'.format( TestJwtClaims.public_user_role['preferred_username']), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK user = json.loads(rv.data) assert user['firstname'] == 'Test'
def test_add_org_invalid_user_returns_401(client, jwt, session): # pylint:disable=unused-argument """Assert that POSTing an org with invalid user returns a 401.""" headers = factory_auth_header(jwt, claims=TestJwtClaims.edit_role) with patch.object(UserService, 'find_by_jwt_token', return_value=None): rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
def test_authorizations_for_staff_returns_200(client, jwt, session): # pylint:disable=unused-argument """Assert authorizations for staff user returns 200.""" inc_number = 'tester' headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role) rv = client.get(f'/api/v1/entities/{inc_number}/authorizations', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK
def test_update_contact_missing_contact_returns_404(client, jwt, session): # pylint:disable=unused-argument """Assert that updating a contact for a non-existent user returns a 404.""" # POST a test user headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') # PUT a contact to test user rv = client.put('/api/v1/users/contacts', data=json.dumps(TestContactInfo.contact1), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_404_NOT_FOUND
def test_update_user(client, jwt, session): # pylint:disable=unused-argument """Assert that a POST to an existing user updates that user.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED user = json.loads(rv.data) assert user['firstname'] == 'Test' # post token with updated claims headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED user = json.loads(rv.data) assert user['firstname'] == 'Updated_Test'
def test_update_user_terms_of_use_invalid_input(client, jwt, session): # pylint:disable=unused-argument """Assert that a PATCH to an existing user updates that user.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED user = json.loads(rv.data) assert user['firstname'] == 'Test' # post token with updated claims headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test) input_data = json.dumps({'invalid': True}) rv = client.patch('/api/v1/users/@me', headers=headers, data=input_data, content_type='application/json') assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_fetch_tasks(client, jwt, session): # pylint:disable=unused-argument """Assert that the tasks can be fetched.""" user = factory_user_model() factory_task_service(user.id) headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role) rv = client.get('/api/v1/tasks', headers=headers, content_type='application/json') item_list = rv.json assert schema_utils.validate(item_list, 'paged_response')[0] assert rv.status_code == http_status.HTTP_200_OK
def test_update_contact_invalid_format_returns_400(client, jwt, session): # pylint:disable=unused-argument """Assert that updating with an invalidly formatted contact returns a 400.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role) client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1), headers=headers, content_type='application/json') client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']), headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json') rv = client.put('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']), headers=headers, data=json.dumps(TestContactInfo.invalid), content_type='application/json') assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_fetch_task(client, jwt, session): # pylint:disable=unused-argument """Assert that the task can be fetched by id.""" user = factory_user_model() task = factory_task_service(user.id) task_id = task._model.id headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role) rv = client.get('/api/v1/tasks/{}'.format(task_id), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('name') == task._model.name
def test_add_same_org_409(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that an org can be POSTed.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_409_CONFLICT
def test_search_directors_xlsx_export(client, jwt, session): # pylint:disable=unused-argument """Assert that directors can be searched via GET.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.no_role) client.get( '/api/v1/directors/export/?field=firstNme&operator=exact&value=Lillian&mode=ALL&page=1&sort_type=asc&' 'sort_value=lastNme&additional_cols=none', headers=headers, content_type='application/json', )
def test_delete_inactive_user_returns_400(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Test if the user doesn't have any teams/orgs assert status is 204.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED # post token with updated claims headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test) rv = client.delete('/api/v1/users/@me', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_204_NO_CONTENT rv = client.delete('/api/v1/users/@me', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_delete_contact_no_contact_returns_404(client, jwt, session): # pylint:disable=unused-argument, invalid-name """Assert that deleting a contact that doesn't exist returns a 404.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.delete('/api/v1/users/contacts', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_404_NOT_FOUND
def test_update_user_terms_of_use(client, jwt, session): # pylint:disable=unused-argument """Assert that a PATCH to an existing user updates that user.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED user = json.loads(rv.data) assert user['firstname'] == 'Test' # post token with updated claims headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test) input_data = json.dumps({'termsversion': 1, 'istermsaccepted': True}) rv = client.patch('/api/v1/users/@me', headers=headers, data=input_data, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK user = json.loads(rv.data) assert user['userTerms']['termsOfUseAcceptedVersion'] == 1
def test_add_contact(client, jwt, session): # pylint:disable=unused-argument """Assert that a contact can be added to an entity.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role) rv = client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role) rv = client.post('/api/v1/entities/{}/contacts'.format( TestEntityInfo.entity1['businessIdentifier']), headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED dictionary = json.loads(rv.data) assert len(dictionary['contacts']) == 1 assert dictionary['contacts'][0]['email'] == TestContactInfo.contact1[ 'email']
def test_authorizations_passcode_returns_200(client, jwt, session): # pylint:disable=unused-argument """Assert authorizations for passcode user returns 200.""" inc_number = 'CP1234567' headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode) rv = client.get(f'/api/v1/entities/{inc_number}/authorizations', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('orgMembership') == 'OWNER' # Test with invalid number headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode) rv = client.get('/api/v1/entities/INVALID/authorizations', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('role', None) is None
def test_delete_user_with_tester_role(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Test delete the user by tester role assert status is 204.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.tester_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED # post token with updated claims headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.tester_role) rv = client.delete('/api/v1/users/@me', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_204_NO_CONTENT rv = client.get('/api/v1/users/@me', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_404_NOT_FOUND
def test_document_signature_get_returns_200(client, jwt, session): # pylint:disable=unused-argument """Assert get documents/filename/signatures endpoint returns 200.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_bceid_user) file_name = 'test_file.jpeg' rv = client.get(f'/api/v1/documents/{file_name}/signatures', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('key').startswith('Affidavits/')
def test_invalid_documents_returns_404(client, jwt, session): # pylint:disable=unused-argument """Assert get documents endpoint returns 404.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.get('/api/v1/documents/junk', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_404_NOT_FOUND assert rv.json.get( 'message') == 'The requested invitation could not be found.'
def test_unauthorized_search_orgs_for_affiliation(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that search org with affiliation works.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode) client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity_lear_mock), headers=headers, content_type='application/json') headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') dictionary = json.loads(rv.data) org_id = dictionary['id'] client.post('/api/v1/orgs/{}/affiliations'.format(org_id), headers=headers, data=json.dumps(TestAffliationInfo.affiliation3), content_type='application/json') # Create a system token headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_user_role) rv = client.get('/api/v1/orgs?affiliation={}'.format(TestAffliationInfo.affiliation3.get('businessIdentifier')), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
def test_search_corporations_xlsx_export(client, jwt, session): # pylint: disable=unused-argument """Check we can export corps.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.no_role) rv = client.get( '/api/v1/businesses/export/?query=pembina&page=1&sort_type=dsc&sort_value=corpNme', headers=headers, content_type='application/json', ) assert rv.status_code == http_status.HTTP_200_OK
def test_get_org_no_auth_returns_401(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that an org cannot be retrieved without an authorization header.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') dictionary = json.loads(rv.data) org_id = dictionary['id'] rv = client.get('/api/v1/orgs/{}'.format(org_id), headers=None, content_type='application/json') assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
def test_delete_org(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that an org can be deleted.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_201_CREATED dictionary = json.loads(rv.data) org_id = dictionary['id'] rv = client.delete('/api/v1/orgs/{}'.format(org_id), headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_204_NO_CONTENT
def test_list_api_keys(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Assert that api keys can be listed.""" # First create an account user_header = factory_auth_header( jwt=jwt, claims=TestJwtClaims.public_account_holder_user) client.post('/api/v1/users', headers=user_header, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=user_header, content_type='application/json') org_id = rv.json.get('id') # Create a system token and create an API key for this account. headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role) rv = client.post(f'/api/v1/orgs/{org_id}/api-keys', headers=headers, content_type='application/json', data=json.dumps({ 'environment': 'dev', 'keyName': 'TEST' })) rv = client.post(f'/api/v1/orgs/{org_id}/api-keys', headers=headers, content_type='application/json', data=json.dumps({ 'environment': 'dev', 'keyName': 'TEST 2' })) rv = client.get(f'/api/v1/orgs/{org_id}/api-keys', headers=headers, content_type='application/json') assert rv.json['consumer']['consumerKey'] rv = client.get(f'/api/v1/orgs/{org_id}/api-keys', headers=user_header, content_type='application/json') assert rv.json['consumer']['consumerKey']
def test_get_affiliations(client, jwt, session): # pylint:disable=unused-argument """Assert that a list of affiliation for an org can be retrieved.""" headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode) rv = client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity_lear_mock), headers=headers, content_type='application/json') rv = client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity_lear_mock2), headers=headers, content_type='application/json') headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role) rv = client.post('/api/v1/users', headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1), headers=headers, content_type='application/json') dictionary = json.loads(rv.data) org_id = dictionary['id'] rv = client.post('/api/v1/orgs/{}/affiliations'.format(org_id), data=json.dumps(TestAffliationInfo.affiliation3), headers=headers, content_type='application/json') rv = client.post('/api/v1/orgs/{}/affiliations'.format(org_id), data=json.dumps(TestAffliationInfo.affiliation4), headers=headers, content_type='application/json') rv = client.get('/api/v1/orgs/{}/affiliations'.format(org_id), headers=headers) assert rv.status_code == http_status.HTTP_200_OK affiliations = json.loads(rv.data) assert affiliations[0][ 'businessIdentifier'] == TestEntityInfo.entity_lear_mock[ 'businessIdentifier'] assert affiliations[1][ 'businessIdentifier'] == TestEntityInfo.entity_lear_mock2[ 'businessIdentifier']